You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2019/10/21 12:00:49 UTC
svn commit: r1868699 -
/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java
Author: coheigea
Date: Mon Oct 21 12:00:49 2019
New Revision: 1868699
URL: http://svn.apache.org/viewvc?rev=1868699&view=rev
Log:
Disallow DTDs for config files
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java?rev=1868699&r1=1868698&r2=1868699&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/Init.java Mon Oct 21 12:00:49 2019
@@ -159,7 +159,7 @@ public class Init {
private static void fileInit(InputStream is) {
try {
/* read library configuration file */
- Document doc = XMLUtils.read(is, false);
+ Document doc = XMLUtils.read(is, true);
Node config = doc.getFirstChild();
for (; config != null; config = config.getNextSibling()) {
if ("Configuration".equals(config.getLocalName())) {